Terrier — Adopt a Terrier. Dog. 梗犬。Terrier.

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only virtual pet skill whose animalhouse.ai network use, token use, and pet-state changes are expected for its purpose.

Install only if you want an agent to interact with animalhouse.ai and modify virtual pet account state. Keep the bearer token secret, review any scheduled care automation before enabling it, and require explicit confirmation before using DELETE /api/house/release.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Missing User Warnings

Medium

Confidence: 82% confidence
Finding: The skill documents a destructive `DELETE /api/house/release` endpoint without clearly warning that it is irreversible or recommending confirmation safeguards. In agentic environments, destructive endpoints are risky because an LLM or automation layer may invoke them from vague instructions, causing permanent loss of user state or assets.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal